2 Unix SMB/CIFS implementation.
4 interface functions for the sam database
6 Copyright (C) Andrew Tridgell 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_netlogon.h"
25 #include "librpc/gen_ndr/ndr_misc.h"
26 #include "lib/ldb/include/ldb.h"
27 #include "system/time.h"
28 #include "system/filesys.h"
32 connect to the SAM database
33 return an opaque context pointer on success, or NULL on failure
35 struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx)
37 return ldb_wrap_connect(mem_ctx, lp_sam_url(), 0, NULL);
41 search the sam for the specified attributes in a specific domain, filter on
42 objectSid being in domain_sid.
44 int samdb_search_domain(struct ldb_context *sam_ldb,
47 struct ldb_message ***res,
48 const char * const *attrs,
49 const struct dom_sid *domain_sid,
50 const char *format, ...) _PRINTF_ATTRIBUTE(7,8)
56 count = gendb_search_v(sam_ldb, mem_ctx, basedn,
57 res, attrs, format, ap);
63 struct dom_sid *entry_sid;
65 entry_sid = samdb_result_dom_sid(mem_ctx, (*res)[i], "objectSid");
67 if ((entry_sid == NULL) ||
68 (!dom_sid_in_domain(domain_sid, entry_sid))) {
69 /* Delete that entry from the result set */
70 (*res)[i] = (*res)[count-1];
72 talloc_free(entry_sid);
75 talloc_free(entry_sid);
83 search the sam for a single string attribute in exactly 1 record
85 const char *samdb_search_string_v(struct ldb_context *sam_ldb,
88 const char *attr_name,
89 const char *format, va_list ap) _PRINTF_ATTRIBUTE(5,0)
92 const char *attrs[2] = { NULL, NULL };
93 struct ldb_message **res = NULL;
97 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
99 DEBUG(1,("samdb: search for %s %s not single valued (count=%d)\n",
100 attr_name, format, count));
107 return samdb_result_string(res[0], attr_name, NULL);
112 search the sam for a single string attribute in exactly 1 record
114 const char *samdb_search_string(struct ldb_context *sam_ldb,
117 const char *attr_name,
118 const char *format, ...) _PRINTF_ATTRIBUTE(5,6)
123 va_start(ap, format);
124 str = samdb_search_string_v(sam_ldb, mem_ctx, basedn, attr_name, format, ap);
131 search the sam for a dom_sid attribute in exactly 1 record
133 struct dom_sid *samdb_search_dom_sid(struct ldb_context *sam_ldb,
136 const char *attr_name,
137 const char *format, ...) _PRINTF_ATTRIBUTE(5,6)
141 struct ldb_message **res;
142 const char *attrs[2] = { NULL, NULL };
145 attrs[0] = attr_name;
147 va_start(ap, format);
148 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
151 DEBUG(1,("samdb: search for %s %s not single valued (count=%d)\n",
152 attr_name, format, count));
158 sid = samdb_result_dom_sid(mem_ctx, res[0], attr_name);
164 return the count of the number of records in the sam matching the query
166 int samdb_search_count(struct ldb_context *sam_ldb,
169 const char *format, ...) _PRINTF_ATTRIBUTE(4,5)
172 struct ldb_message **res;
173 const char * const attrs[] = { NULL };
176 va_start(ap, format);
177 ret = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
185 search the sam for a single integer attribute in exactly 1 record
187 uint_t samdb_search_uint(struct ldb_context *sam_ldb,
189 uint_t default_value,
191 const char *attr_name,
192 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
196 struct ldb_message **res;
197 const char *attrs[2] = { NULL, NULL };
199 attrs[0] = attr_name;
201 va_start(ap, format);
202 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
206 return default_value;
209 return samdb_result_uint(res[0], attr_name, default_value);
213 search the sam for a single signed 64 bit integer attribute in exactly 1 record
215 int64_t samdb_search_int64(struct ldb_context *sam_ldb,
217 int64_t default_value,
219 const char *attr_name,
220 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
224 struct ldb_message **res;
225 const char *attrs[2] = { NULL, NULL };
227 attrs[0] = attr_name;
229 va_start(ap, format);
230 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
234 return default_value;
237 return samdb_result_int64(res[0], attr_name, default_value);
241 search the sam for multipe records each giving a single string attribute
242 return the number of matches, or -1 on error
244 int samdb_search_string_multiple(struct ldb_context *sam_ldb,
248 const char *attr_name,
249 const char *format, ...) _PRINTF_ATTRIBUTE(6,7)
253 const char *attrs[2] = { NULL, NULL };
254 struct ldb_message **res = NULL;
256 attrs[0] = attr_name;
258 va_start(ap, format);
259 count = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
266 /* make sure its single valued */
267 for (i=0;i<count;i++) {
268 if (res[i]->num_elements != 1) {
269 DEBUG(1,("samdb: search for %s %s not single valued\n",
276 *strs = talloc_array(mem_ctx, const char *, count+1);
282 for (i=0;i<count;i++) {
283 (*strs)[i] = samdb_result_string(res[i], attr_name, NULL);
285 (*strs)[count] = NULL;
291 pull a uint from a result set.
293 uint_t samdb_result_uint(struct ldb_message *msg, const char *attr, uint_t default_value)
295 return ldb_msg_find_uint(msg, attr, default_value);
299 pull a (signed) int64 from a result set.
301 int64_t samdb_result_int64(struct ldb_message *msg, const char *attr, int64_t default_value)
303 return ldb_msg_find_int64(msg, attr, default_value);
307 pull a string from a result set.
309 const char *samdb_result_string(struct ldb_message *msg, const char *attr,
310 const char *default_value)
312 return ldb_msg_find_string(msg, attr, default_value);
316 pull a rid from a objectSid in a result set.
318 uint32_t samdb_result_rid_from_sid(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
319 const char *attr, uint32_t default_value)
324 sid = samdb_result_dom_sid(mem_ctx, msg, attr);
326 return default_value;
328 rid = sid->sub_auths[sid->num_auths-1];
334 pull a dom_sid structure from a objectSid in a result set.
336 struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
339 const struct ldb_val *v;
342 v = ldb_msg_find_ldb_val(msg, attr);
346 sid = talloc(mem_ctx, struct dom_sid);
350 status = ndr_pull_struct_blob(v, sid, sid,
351 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
352 if (!NT_STATUS_IS_OK(status)) {
360 pull a guid structure from a objectGUID in a result set.
362 struct GUID samdb_result_guid(struct ldb_message *msg, const char *attr)
364 const struct ldb_val *v;
371 v = ldb_msg_find_ldb_val(msg, attr);
374 mem_ctx = talloc_named_const(NULL, 0, "samdb_result_guid");
375 if (!mem_ctx) return guid;
376 status = ndr_pull_struct_blob(v, mem_ctx, &guid,
377 (ndr_pull_flags_fn_t)ndr_pull_GUID);
378 talloc_free(mem_ctx);
379 if (!NT_STATUS_IS_OK(status)) {
387 pull a sid prefix from a objectSid in a result set.
388 this is used to find the domain sid for a user
390 struct dom_sid *samdb_result_sid_prefix(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
393 struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg, attr);
394 if (!sid || sid->num_auths < 1) return NULL;
400 pull a NTTIME in a result set.
402 NTTIME samdb_result_nttime(struct ldb_message *msg, const char *attr, const char *default_value)
404 const char *str = ldb_msg_find_string(msg, attr, default_value);
405 return nttime_from_string(str);
409 pull a uint64_t from a result set.
411 uint64_t samdb_result_uint64(struct ldb_message *msg, const char *attr, uint64_t default_value)
413 return ldb_msg_find_uint64(msg, attr, default_value);
418 construct the allow_password_change field from the PwdLastSet attribute and the
419 domain password settings
421 NTTIME samdb_result_allow_password_change(struct ldb_context *sam_ldb,
423 const char *domain_dn,
424 struct ldb_message *msg,
427 uint64_t attr_time = samdb_result_uint64(msg, attr, 0);
430 if (attr_time == 0) {
434 minPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0,
435 domain_dn, "minPwdAge", "dn=%s", domain_dn);
437 /* yes, this is a -= not a += as minPwdAge is stored as the negative
438 of the number of 100-nano-seconds */
439 attr_time -= minPwdAge;
445 construct the force_password_change field from the PwdLastSet attribute and the
446 domain password settings
448 NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb,
450 const char *domain_dn,
451 struct ldb_message *msg,
454 uint64_t attr_time = samdb_result_uint64(msg, attr, 0);
457 if (attr_time == 0) {
461 maxPwdAge = samdb_search_int64(sam_ldb, mem_ctx, 0, domain_dn,
462 "maxPwdAge", "dn=%s", domain_dn);
463 if (maxPwdAge == 0) {
466 attr_time -= maxPwdAge;
473 pull a samr_Password structutre from a result set.
475 struct samr_Password samdb_result_hash(struct ldb_message *msg, const char *attr)
477 struct samr_Password hash;
478 const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
481 memcpy(hash.hash, val->data, MIN(val->length, sizeof(hash.hash)));
487 pull an array of samr_Password structutres from a result set.
489 uint_t samdb_result_hashes(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
490 const char *attr, struct samr_Password **hashes)
493 const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
500 count = val->length / 16;
505 *hashes = talloc_array(mem_ctx, struct samr_Password, count);
510 for (i=0;i<count;i++) {
511 memcpy((*hashes)[i].hash, (i*16)+(char *)val->data, 16);
517 NTSTATUS samdb_result_passwords(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
518 struct samr_Password **lm_pwd, struct samr_Password **nt_pwd)
521 const char *unicodePwd = samdb_result_string(msg, "unicodePwd", NULL);
523 struct samr_Password *lmPwdHash, *ntPwdHash;
526 ntPwdHash = talloc(mem_ctx, struct samr_Password);
528 return NT_STATUS_NO_MEMORY;
531 E_md4hash(unicodePwd, ntPwdHash->hash);
538 lmPwdHash = talloc(mem_ctx, struct samr_Password);
540 return NT_STATUS_NO_MEMORY;
543 /* compute the new nt and lm hashes */
544 lm_hash_ok = E_deshash(unicodePwd, lmPwdHash->hash);
555 num_nt = samdb_result_hashes(mem_ctx, msg, "ntPwdHash", &ntPwdHash);
558 } else if (num_nt > 1) {
559 return NT_STATUS_INTERNAL_DB_CORRUPTION;
561 *nt_pwd = &ntPwdHash[0];
566 num_lm = samdb_result_hashes(mem_ctx, msg, "lmPwdHash", &lmPwdHash);
569 } else if (num_lm > 1) {
570 return NT_STATUS_INTERNAL_DB_CORRUPTION;
572 *lm_pwd = &lmPwdHash[0];
581 pull a samr_LogonHours structutre from a result set.
583 struct samr_LogonHours samdb_result_logon_hours(TALLOC_CTX *mem_ctx, struct ldb_message *msg, const char *attr)
585 struct samr_LogonHours hours;
586 const int units_per_week = 168;
587 const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr);
589 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
593 hours.units_per_week = units_per_week;
594 memset(hours.bits, 0xFF, units_per_week);
596 memcpy(hours.bits, val->data, MIN(val->length, units_per_week));
602 pull a set of account_flags from a result set.
604 uint16_t samdb_result_acct_flags(struct ldb_message *msg, const char *attr)
606 uint_t userAccountControl = ldb_msg_find_uint(msg, attr, 0);
607 return samdb_uf2acb(userAccountControl);
611 copy from a template record to a message
613 int samdb_copy_template(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx,
614 struct ldb_message *msg, const char *expression)
616 struct ldb_message **res, *t;
620 /* pull the template record */
621 ret = gendb_search(sam_ldb, mem_ctx, NULL, &res, NULL, "%s", expression);
623 DEBUG(1,("samdb: ERROR: template '%s' matched %d records\n",
629 for (i=0;i<t->num_elements;i++) {
630 struct ldb_message_element *el = &t->elements[i];
631 /* some elements should not be copied from the template */
632 if (strcasecmp(el->name, "cn") == 0 ||
633 strcasecmp(el->name, "name") == 0 ||
634 strcasecmp(el->name, "sAMAccountName") == 0) {
637 for (j=0;j<el->num_values;j++) {
638 if (strcasecmp(el->name, "objectClass") == 0 &&
639 (strcasecmp((char *)el->values[j].data, "Template") == 0 ||
640 strcasecmp((char *)el->values[j].data, "userTemplate") == 0 ||
641 strcasecmp((char *)el->values[j].data, "groupTemplate") == 0 ||
642 strcasecmp((char *)el->values[j].data, "foreignSecurityTemplate") == 0 ||
643 strcasecmp((char *)el->values[j].data, "aliasTemplate") == 0 ||
644 strcasecmp((char *)el->values[j].data, "trustedDomainTemplate") == 0 ||
645 strcasecmp((char *)el->values[j].data, "secretTemplate") == 0)) {
648 samdb_msg_add_string(sam_ldb, mem_ctx, msg, el->name,
649 (char *)el->values[j].data);
658 allocate a new id, attempting to do it atomically
659 return 0 on failure, the id on success
661 static NTSTATUS _samdb_allocate_next_id(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, const char *dn,
662 const char *attr, uint32_t *id)
664 struct ldb_message msg;
667 struct ldb_val vals[2];
668 struct ldb_message_element els[2];
670 str = samdb_search_string(sam_ldb, mem_ctx, dn, attr, "dn=%s", dn);
672 DEBUG(1,("id not found at %s %s\n", dn, attr));
673 return NT_STATUS_OBJECT_NAME_INVALID;
676 *id = strtol(str, NULL, 0);
679 return NT_STATUS_INSUFFICIENT_RESOURCES;
682 /* we do a delete and add as a single operation. That prevents
685 msg.dn = talloc_strdup(mem_ctx, dn);
687 return NT_STATUS_NO_MEMORY;
689 msg.num_elements = 2;
692 els[0].num_values = 1;
693 els[0].values = &vals[0];
694 els[0].flags = LDB_FLAG_MOD_DELETE;
695 els[0].name = talloc_strdup(mem_ctx, attr);
697 return NT_STATUS_NO_MEMORY;
700 els[1].num_values = 1;
701 els[1].values = &vals[1];
702 els[1].flags = LDB_FLAG_MOD_ADD;
703 els[1].name = els[0].name;
705 vals[0].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", *id);
707 return NT_STATUS_NO_MEMORY;
709 vals[0].length = strlen((const char *)vals[0].data);
711 vals[1].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", (*id)+1);
713 return NT_STATUS_NO_MEMORY;
715 vals[1].length = strlen((const char *)vals[1].data);
717 ret = ldb_modify(sam_ldb, &msg);
719 return NT_STATUS_UNEXPECTED_IO_ERROR;
728 allocate a new id, attempting to do it atomically
729 return 0 on failure, the id on success
731 NTSTATUS samdb_allocate_next_id(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, const char *dn, const char *attr,
737 /* we need to try multiple times to cope with two account
738 creations at the same time */
740 status = _samdb_allocate_next_id(sam_ldb, mem_ctx, dn, attr, id);
741 if (!NT_STATUS_EQUAL(NT_STATUS_UNEXPECTED_IO_ERROR, status)) {
746 if (NT_STATUS_EQUAL(NT_STATUS_UNEXPECTED_IO_ERROR, status)) {
747 DEBUG(1,("Failed to increment id %s at %s\n", attr, dn));
755 add a string element to a message
757 int samdb_msg_add_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
758 const char *attr_name, const char *str)
760 char *s = talloc_strdup(mem_ctx, str);
761 char *a = talloc_strdup(mem_ctx, attr_name);
762 if (s == NULL || a == NULL) {
765 return ldb_msg_add_string(sam_ldb, msg, a, s);
769 add a dom_sid element to a message
771 int samdb_msg_add_dom_sid(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
772 const char *attr_name, struct dom_sid *sid)
776 status = ndr_push_struct_blob(&v, mem_ctx, sid,
777 (ndr_push_flags_fn_t)ndr_push_dom_sid);
778 if (!NT_STATUS_IS_OK(status)) {
781 return ldb_msg_add_value(sam_ldb, msg, attr_name, &v);
786 add a delete element operation to a message
788 int samdb_msg_add_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
789 const char *attr_name)
791 char *a = talloc_strdup(mem_ctx, attr_name);
795 /* we use an empty replace rather than a delete, as it allows for
796 samdb_replace() to be used everywhere */
797 return ldb_msg_add_empty(sam_ldb, msg, a, LDB_FLAG_MOD_REPLACE);
801 add a add attribute value to a message
803 int samdb_msg_add_addval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
804 const char *attr_name, const char *value)
806 struct ldb_message_element *el;
809 a = talloc_strdup(mem_ctx, attr_name);
812 v = talloc_strdup(mem_ctx, value);
815 ret = ldb_msg_add_string(sam_ldb, msg, a, v);
818 el = ldb_msg_find_element(msg, a);
821 el->flags = LDB_FLAG_MOD_ADD;
826 add a delete attribute value to a message
828 int samdb_msg_add_delval(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
829 const char *attr_name, const char *value)
831 struct ldb_message_element *el;
834 a = talloc_strdup(mem_ctx, attr_name);
837 v = talloc_strdup(mem_ctx, value);
840 ret = ldb_msg_add_string(sam_ldb, msg, a, v);
843 el = ldb_msg_find_element(msg, a);
846 el->flags = LDB_FLAG_MOD_DELETE;
851 add a uint_t element to a message
853 int samdb_msg_add_uint(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
854 const char *attr_name, uint_t v)
856 const char *s = talloc_asprintf(mem_ctx, "%u", v);
857 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
861 add a (signed) int64_t element to a message
863 int samdb_msg_add_int64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
864 const char *attr_name, int64_t v)
866 const char *s = talloc_asprintf(mem_ctx, "%lld", v);
867 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
871 add a uint64_t element to a message
873 int samdb_msg_add_uint64(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
874 const char *attr_name, uint64_t v)
876 const char *s = talloc_asprintf(mem_ctx, "%llu", v);
877 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, s);
881 add a samr_Password element to a message
883 int samdb_msg_add_hash(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
884 const char *attr_name, struct samr_Password *hash)
887 val.data = talloc_memdup(mem_ctx, hash->hash, 16);
892 return ldb_msg_add_value(sam_ldb, msg, attr_name, &val);
896 add a samr_Password array to a message
898 int samdb_msg_add_hashes(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
899 const char *attr_name, struct samr_Password *hashes, uint_t count)
903 val.data = talloc_array_size(mem_ctx, 16, count);
904 val.length = count*16;
908 for (i=0;i<count;i++) {
909 memcpy(i*16 + (char *)val.data, hashes[i].hash, 16);
911 return ldb_msg_add_value(sam_ldb, msg, attr_name, &val);
915 add a acct_flags element to a message
917 int samdb_msg_add_acct_flags(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
918 const char *attr_name, uint32_t v)
920 return samdb_msg_add_uint(sam_ldb, mem_ctx, msg, attr_name, samdb_acb2uf(v));
924 add a logon_hours element to a message
926 int samdb_msg_add_logon_hours(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
927 const char *attr_name, struct samr_LogonHours *hours)
930 val.length = hours->units_per_week / 8;
931 val.data = hours->bits;
932 return ldb_msg_add_value(sam_ldb, msg, attr_name, &val);
936 add a general value element to a message
938 int samdb_msg_add_value(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
939 const char *attr_name, const struct ldb_val *val)
941 return ldb_msg_add_value(sam_ldb, msg, attr_name, val);
945 sets a general value element to a message
947 int samdb_msg_set_value(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
948 const char *attr_name, const struct ldb_val *val)
950 struct ldb_message_element *el;
952 el = ldb_msg_find_element(msg, attr_name);
956 return ldb_msg_add_value(sam_ldb, msg, attr_name, val);
960 set a string element in a message
962 int samdb_msg_set_string(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
963 const char *attr_name, const char *str)
965 struct ldb_message_element *el;
967 el = ldb_msg_find_element(msg, attr_name);
971 return samdb_msg_add_string(sam_ldb, mem_ctx, msg, attr_name, str);
975 set a ldaptime element in a message
977 int samdb_msg_set_ldaptime(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
978 const char *attr_name, time_t t)
980 char *str = ldap_timestring(mem_ctx, t);
984 return samdb_msg_set_string(sam_ldb, mem_ctx, msg, attr_name, str);
990 int samdb_add(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
992 return ldb_add(sam_ldb, msg);
998 int samdb_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, const char *dn)
1000 return ldb_delete(sam_ldb, dn);
1006 int samdb_modify(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
1008 return ldb_modify(sam_ldb, msg);
1012 replace elements in a record
1014 int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg)
1018 /* mark all the message elements as LDB_FLAG_MOD_REPLACE */
1019 for (i=0;i<msg->num_elements;i++) {
1020 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
1023 /* modify the samdb record */
1024 return samdb_modify(sam_ldb, mem_ctx, msg);
1028 return a default security descriptor
1030 struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ctx)
1032 struct security_descriptor *sd;
1034 sd = security_descriptor_initialise(mem_ctx);